What's not helping is the fact that many developers, companies and products don't yet recognise a user's right to keep information about them to themselves. The recent uproar about the iTunes ministore, where iTunes sent temporary data about the user's purchased songs in order to be able to recommend other tracks, albums and artists, showcases the point perfectly. Aside from a UID that identified the request, no data that could track the user was sent. No data was recorded by Apple. The problem was that Apple didn't tell the user in an obvious manner that the information was being sent.
Under pressure from the public outcry, Apple released an updated version of iTunes with the feature off by default. Now when you go to switch it on, iTunes will explain to you what it does, and why.
It's not enough to state in the license that the program can collect information, since the majority of users don't look at the license agreement. Aside from this, license agreements tend to be worded in a very broad manner, allowing the developer to do pretty much as they wish - their defense being "you agreed to it".
It should never be the responsibility of a third-party application (such as a software firewall) to inform you of an application's intent to connect to another machine. This is a poor design, and leaves users who may not have such software installed on their machines in the dark about what your application is actually doing. As well as that, if your application depends on network connectivity - like iTunes - then it's impossible for the average user to properly make up their own mind, since they can't tell that additional data about them is being sent.
The application needs to inform the user itself.
Any feature of any application that collects information about the user should make this point clear. The user should have the option to turn off these features, both from the menu and either on the first execution of the application, or the first use of the feature. The application should make perfectly clear what information is collected, and whether the information is kept on record. This gives the user the best chance to make a full, informed decision.
If the application does not require a record of the information to be collected, the information should be erased as soon as the transaction is complete.
On top of this, applications that you would not expect to open a network connection should ask the user before they try to connect.
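The rules above (off by default, explain and ask on first use, a menu toggle, erase after the transaction) expressed as a consent gate placed in front of every feature that sends user data. This is an added example, not code from any application named in this post; `ConsentGate`, `Disclosure`, the `ask` and `transport` callbacks and the JSON store are all hypothetical names.

```python
import json
from dataclasses import dataclass
from pathlib import Path
from typing import Callable

@dataclass(frozen=True)
class Disclosure:
    feature: str    # name shown to the user
    sends: str      # exactly what leaves the machine
    retained: bool  # whether the information is kept on record

class ConsentGate:
    """Off-by-default gate in front of any feature that sends user data."""

    def __init__(self, store: Path, ask: Callable[[str], bool]):
        self.store = store  # file where the user's decisions persist
        self.ask = ask      # UI callback: shows the text, returns True or False
        self.choices = json.loads(store.read_text()) if store.exists() else {}

    def set_choice(self, feature: str, allowed: bool) -> None:
        # Also the handler for the menu/preferences toggle.
        self.choices[feature] = allowed
        self.store.write_text(json.dumps(self.choices))

    def allowed(self, d: Disclosure) -> bool:
        if d.feature not in self.choices:  # first use: explain, then ask
            kept = "is kept on record" if d.retained else "is not kept on record"
            self.set_choice(d.feature, self.ask(
                f"{d.feature} sends {d.sends}. This information {kept}. Allow?"))
        return self.choices[d.feature]

    def send(self, d: Disclosure, payload: dict, transport: Callable[[dict], object]):
        if not self.allowed(d):
            return None  # declined: the transport is never called
        try:
            return transport(payload)
        finally:
            if not d.retained:
                payload.clear()  # drop the application's copy once the transaction ends
```

Because the decision is stored per feature, a user who declined is not asked again on every launch, and the menu toggle (`set_choice`) remains the way to change it later.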
Imagine my surprise when I started to install Ubisoft's "King Kong" demo, to see my firewall telling me that the installer wanted to dial home. I could see no reason for this immediately, so I denied it. The installer refused to continue unless I let it connect to Ubisoft's server. It was never explained to me why this was needed, and I am still in the dark about it today.
Application user interface guidelines are changing. No longer are people restricted to a set of common gray controls; users are tolerant of even radical departures from the norm as long as it's easy for them to figure out how to do what they want. There is a lot of work going into making language easier for the common user to understand. The whole process is becoming friendlier to look at, but not really any more so to play with.
I wonder will the day ever come that UI and/or UE guidelines contain common decency, like asking before doing something unexpected, or explaining if, when and what needs to be sent off your computer?
This is one aspect that I will be taking particular care to look at in my own applications, and I would urge all developers to do the same. Perhaps we can start a trend, or at least an expectation...